How to automatically set File System Permissions for a WordPress Web Server with a BASH Script

Everyone who wants to make his WordPress web site more secure should definitely spend at least one hour of his life reading the Hardening WordPress chapter of the WP official guide: this is an extremely long list of security countermeasures that any good Webmaster should implement (or ask its System Administrator to implement) not only to strengthen his WordPress installation, yet also to increase his overall knowledge of the WP platform.

In this post we’ll deal with one of the most important aspects of that chapter: File Permissions. Choosing those guidelines will grealy reduce the chances for our web site to get hacked, because we will prevent our attackers from the chance to “accidentally” download some reserved file, execute a script or even inject some pesky commands using a zero-day exploit.

Manually set these permissions can be troublesome, expecially on Linux, where most GUI interfaces don’t allow to do that in a structured way. At the same time, doing it manually will also be highly unefficient, other than prone to human error: there’s simply no chace that we won’t risk to lose something – be it a file or an entire folder – here and there, expecially if we do have a lot of WP plugins, media files, themes, skins and disk data of any sort.

In an attempt to ease up such task we came out with this bash script that can be used to automatically set the required amount of permissions throughout the whole WordPress-based website. Cut the content, then paste it to a new file, save it as set-wordpress-permissions.sh in a folder of your choice (such as /var/www/ ) and execute it in the following way:

1

bashset-wordpress-permissions.sh/var/www/<your_website_file_root>

By using this script anyone will be able to perform the proper amount of ACL changes in few seconds: on top of that, he will be able to repeat the exact same task to any other website, thus ensuring that every one of them will adopt the same permission set.

Without further ado, here’s the script:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

#!/bin/bash

#

# This script configures WordPress file permissions based on recommendations

# from http://codex.wordpress.org/Hardening_WordPress#File_permissions

#

# execute it with the following command:

# bash set-wordpress-permissions.sh /var/www/<site_folder>

#

OWNER=apache# <-- wordpress owner

GROUP=www# <-- wordpress group

ROOT=$1# <-- wordpress root directory

# reset to safe defaults

find${ROOT}-execchown${OWNER}:${GROUP}{}\;

find${ROOT}-typed-execchmod755{}\;

find${ROOT}-typef-execchmod644{}\;

# allow wordpress to manage wp-config.php (but prevent world access)

chgrp${GROUP}${ROOT}/wp-config.php

chmod660${ROOT}/wp-config.php

# allow wordpress to manage wp-content

find${ROOT}/wp-content-execchgrp${GROUP}{}\;

find${ROOT}/wp-content-typed-execchmod775{}\;

find${ROOT}/wp-content-typef-execchmod664{}\;

Feel free to change it to better suit your specific scenario.

To execute it, write the following:

1

bashset-wordpress-permissions.sh<site_folder>

The script will need some minutes to do the job: have patience and let it finish.

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies.

This site uses cookies to improve user experience, personalize content & ads, provide social media features and analyze our traffic: some of these info are shared with our social media, advertising and analytics partners. We assume you're okay with this, but you can opt-out if you wish. Read the Privacy Policy for further info.